<?php

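session_start();
include '../include/conn.php';

// Create a course row owned by the logged-in teacher.
// Prints '1' when the INSERT succeeded and '0' otherwise.
//
// NOTE(review): the values are placed in quoted SQL literals, so the statement is only as
// safe as DB::CheckInput (defined in include/conn.php, not shown here). Bound parameters
// would remove that dependency. The INSERT names no columns and therefore relies on the
// table's column order.
if (!isset($_SESSION['teacher_id'])) {
    // No teacher in the session: refuse instead of inserting a course with an empty owner.
    echo '0';
} else {
    // The session value goes through the same helper as the request fields so that no raw
    // value is concatenated into the statement.
    $teacher_id = DB::CheckInput($_SESSION['teacher_id']);
    $course_id = DB::CheckInput($_POST['course_id']);
    $course_name = DB::CheckInput($_POST['course_name']);
    $course_hour = DB::CheckInput($_POST['course_hour']);
    $sql = 'INSERT INTO course VALUES (\'' . $course_id . '\',\'' . $teacher_id . '\',\'' . $course_name . '\',\'' . $course_hour . '\')';
    $result = $conn->query($sql);
    echo $result ? '1' : '0';
}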
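// Build and run the schedule search selected by the posted `select_id` (1-6).
// Every variant reads time_add, course_id, course_class and tips from teacher_sj_schedule,
// restricted to rows whose time_add matches the LIKE pattern in $year and whose
// course_class is not empty; the variants differ in the pattern or in one extra condition.
//
// NOTE(review): all request values sit inside quoted literals, so injection safety rests on
// DB::CheckInput (include/conn.php, not shown). `%` and `_` in select_any still act as LIKE
// wildcards unless that helper handles them — confirm.
$term = DB::CheckInput($_POST['year']);
$select_id = DB::CheckInput($_POST['select_id']);
$select_any = DB::CheckInput($_POST['select_any']);
// Default pattern: the posted prefix followed by single-character wildcards.
$year = $term . "_________";
// Extra WHERE condition for the chosen variant; null means "no known variant selected".
$extra = null;
switch ($select_id) {
    case 1:
        // Courses whose name contains select_any.
        $extra = " AND course_id  in (SELECT course_id FROM `course` WHERE course_name like '%" . $select_any . "%')";
        break;
    case 2:
        // select_any becomes part of the time_add pattern itself.
        $year = $term . "__" . $select_any . "____";
        $extra = '';
        break;
    case 3:
        // Only the first seven bytes of select_any are matched against course_class.
        $student_num = substr($select_any, 0, 7);
        $extra = " AND course_class like '%{$student_num}%'";
        break;
    case 4:
        // As in variant 2, at a different offset of the pattern.
        $year = $term . "_____" . $select_any . "__";
        $extra = '';
        break;
    case 5:
        // Courses of teachers whose id contains select_any.
        $extra = " AND course_id  in (SELECT course_id FROM `course` WHERE teacher_id in (select teacher_id from teacher where teacher_id like'%" . $select_any . "%'))";
        break;
    case 6:
        // Courses of teachers whose name contains select_any.
        $extra = " AND course_id  in (SELECT course_id FROM `course` WHERE teacher_id in (select teacher_id from teacher where teacher_name like'%" . $select_any . "%'))";
        break;
}
if ($extra === null) {
    // The original passed an undefined $sql to query() for any other select_id; report
    // the failed lookup explicitly instead.
    $sql = '';
    $result = false;
} else {
    $sql = "SELECT `time_add`,`course_id`,`course_class`,`tips` FROM `teacher_sj_schedule` WHERE time_add like '{$year}' AND course_class!=''" . $extra;
    $result = $conn->query($sql);
}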
?>
    <table width="88%"; border="1"; id="t_table"; align="center" id="t_table">
        <tr height="30px;" align="center" style="font-size:17px; font-weight:600;">
            <td style="cursor:pointer" title="课程排序" onclick="ownSort(0)">课程</td>
            <td style="cursor:pointer" title="教师排序" onclick="ownSort(1)">教师</td>
            <td style="cursor:pointer" title="时间排序" onclick="ownSort(2)">时间</td>
//array(
//  '周次', '星期', '节'
//);
/**
 * Split a time_add key into three fixed-position fields.
 *
 * The comment preceding this function in the source labels the result
 * "week number, weekday, period".
 *
 * @param string $time_add schedule key; must be at least 12 bytes long
 * @return array bytes 10-11, the last byte, and the second-to-last byte, in that order
 */
function get_time($time_add)
{
    $first = substr($time_add, 10, 2);
    $third = substr($time_add, -2, 1);
    $second = substr($time_add, -1, 1);
    return array($first, $second, $third);
}
//是否全局
$global = DB::CheckInput($_GET['global']);
$objPHPExcel = new PHPExcel();
$objWriter = new PHPExcel_Writer_Excel5($objPHPExcel);
$objPHPExcel->getProperties()->setCreator('SUTACM-Paike System');
//$db_year;
if (!$global) {
    //指定实验室号
    $address = DB::CheckInput($_GET['address']);
    $sql_confirm = sprintf('SELECT address FROM ini_address WHERE address = "%s"', $address);
    $confirm_result = $conn->query($sql_confirm);
    if (!$confirm_result->num_rows) {
        echo '<script>alert("抱歉,数据库中没有查到该实验室编号")</script>';
        exit;
    }
    $sql = sprintf('SELECT time_add, course_id, course_class, `lock`, tips FROM teacher_sj_schedule WHERE time_add LIKE "%s" AND `lock` != 1 AND time_add LIKE "%s"', $db_year . '%', '_______' . $address . '____');
    $result = $conn->query($sql);
    if (!$result) {
        echo 0;
        return 0;
    }
    //填充课程表
    $lesson_sheet = array();
    //准备文件名
Beispiel #4
<?php

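include "../include/conn.php";

// Admin login check: prints '1' when the posted password matches the stored MD5 hash,
// '0' in every other case (query failure, no such row, wrong password).
$user = DB::CheckInput($_POST['admin_user']);
$psw = DB::CheckInput($_POST['admin_psw']);
// NOTE(review): the user name in this query is the literal '******' exactly as the page
// shows it, so $user is never used. It looks like a masked value — confirm against the
// real source before relying on this query.
$sql = "select *from admin where admin_user='******'";
$result = $conn->query($sql);
$info = $result ? $result->fetch_array() : null;
// Strict comparison: with `==` two different hashes that both look numeric (for example
// "0e..." followed by digits) compare as equal numbers. On PHP >= 5.6 hash_equals() would
// additionally make the comparison constant-time.
// NOTE(review): unsalted MD5 is not a suitable password hash; replacing it needs a
// migration of the stored values. No session is started here, so a '1' answer alone does
// not record an authenticated state on the server — confirm how the other admin scripts
// check access.
if ($info && $info['admin_psw'] === md5($psw)) {
    echo '1';
} else {
    // Also covers the "no such admin" branch, which previously evaluated '0' without
    // echoing it and so returned an empty response.
    echo '0';
}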
<?php

include '../include/conn.php';

// Update a teacher's name and school.
// Response codes: '2' = row changed, '1' = statement ran but nothing changed
// (same values as before), '0' = the query failed.
//
// NOTE(review): no session or authorization check is visible in this script; confirm that
// include/conn.php or the web server restricts who may call it. The quoted literals are
// only as safe as DB::CheckInput, which is not shown here.
$teacher_id = DB::CheckInput($_POST['teacher_id']);
$teacher_name = DB::CheckInput($_POST['teacher_name']);
$teacher_school = DB::CheckInput($_POST['teacher_school']);
$sql = sprintf(
    "UPDATE teacher SET teacher_school = '%s' , teacher_name = '%s' WHERE teacher_id = '%s'",
    $teacher_school,
    $teacher_name,
    $teacher_id
);
$result = $conn->query($sql);
if (!$result) {
    // error
    echo '0';
} elseif ($conn->affected_rows) {
    // updated
    echo '2';
} else {
    // identical to the stored values
    echo '1';
}
Beispiel #6
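// Store an uploaded course file under ../../downloads/ and record it in the `file` table.
// Each outcome is reported with a JavaScript alert; the browser is then sent back one page.
//
// The file name and MIME type in $_FILES are chosen by the client, so neither is trusted:
// names containing a path separator or a PHP-handler extension are refused, and both values
// go through DB::CheckInput before they reach the SQL text (the original concatenated them
// raw).
// NOTE(review): an allowlist of the document types teachers really upload, together with
// serving downloads/ without script execution, would be stronger than this denylist —
// confirm the expected types. If DB::CheckInput changes characters beyond SQL escaping,
// the stored file_name can differ from the name on disk — confirm.
$filename = $_FILES['file']['name'];
$filename_sql = DB::CheckInput($filename);
$_FILES['file']['name'] = $filename;
$file_type = $_FILES['file']['type'];
$target = '../../downloads/' . $filename;
$unsafe_name = strpbrk($filename, "/\\\0") !== false
    || preg_match('/\.(php[0-9]?|phtml|pht|phar|phps|htaccess)(\.|$)/i', $filename) === 1;
// 2 << 20 is 2 MiB, so the limit is 20 MiB.
// NOTE(review): if 10 MiB was intended this should be 10 * (1 << 20).
$max_size = 10 * (2 << 20);

if ($file_type == 'application/x-msdownload' || $unsafe_name) {
    echo '<script>alert(\'不允许上传该格式,上传失败.\');</script>';
} elseif ($_FILES['file']['error'] > 0) {
    echo '<script>alert(\'ERROR CODE : ' . (int) $_FILES['file']['error'] . '\');</script>';
} elseif (file_exists($target)) {
    echo '<script>alert(\'该文件名已存在,上传失败.\');</script>';
} elseif ($_FILES['file']['size'] >= $max_size) {
    echo '<script>alert(\'上传文件过大,上传失败.\');</script>';
} elseif (!move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
    // Do not record a file that was never stored.
    echo '<script>alert(\'上传失败.\');</script>';
} else {
    $sql = "INSERT INTO `file`(`teacher_id`, `course_id`, `file_name`, `file_type`) VALUES ('" . DB::CheckInput($_SESSION['teacher_id']) . "','" . DB::CheckInput($_POST['course']) . "','" . $filename_sql . "','" . DB::CheckInput($file_type) . "')";
    $conn->query($sql);
    // "> 0" rather than truthiness: mysqli reports -1 after a failed statement, which the
    // original treated as success (assumes $conn is a mysqli connection).
    if ($conn->affected_rows > 0) {
        echo '<script>alert(\'上传成功.\');</script>';
    } else {
        echo '<script>alert(\'上传失败.\');</script>';
    }
}
echo '<script>window.history.back();</script>';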
Beispiel #7
    }
    if ($z == "4") {
        return "周四";
    }
    if ($z == "5") {
        return "周五";
    }
    if ($z == "6") {
        return "周六";
    }
    if ($z == "7") {
        return "周日";
    }
}
// Look up schedule rows for the posted term whose course_class contains the posted value.
// NOTE(review): both values end up inside quoted LIKE patterns; injection safety depends on
// DB::CheckInput (not shown), and `%` / `_` in course_class still act as wildcards unless
// that helper handles them — confirm.
$year_prefix = DB::CheckInput($_POST['year']);
$year = $year_prefix . "_________";
$course_class = DB::CheckInput($_POST['course_class']);
$sql = "SELECT `time_add`,`course_id`,`course_class`,`tips` FROM `teacher_sj_schedule`"
    . " WHERE time_add like '" . $year . "' AND course_class!=''"
    . " AND course_class like '%" . $course_class . "%'";
$result = $conn->query($sql);
?>
    <table width="88%"; border="1"; id="t_table"; align="center">
        <tr height="30px;" align="center" style="font-size:17px; font-weight:600;">
            <td style="cursor:pointer" title="课程排序" onclick="ownSort(0)">课程</td>
            <td style="cursor:pointer" title="教师排序" onclick="ownSort(1)">教师</td>
            <td style="cursor:pointer" title="时间排序" onclick="ownSort(2)">时间</td>
            <td style="cursor:pointer" title="地点排序" onclick="ownSort(3)">地点</td>
            <td style="cursor:pointer" title="班级排序" onclick="ownSort(4)">班级</td>
            <td>备注</td>
            <td>资料</td>
      </tr>
    <?php 
//$temp 判断查询结果是否为空
Beispiel #8
<?php

session_start();
include "../include/conn.php";
$sql = "SELECT * FROM teacher WHERE teacher_id = '" . DB::CheckInput($_POST['teacher_id']) . "'";
$rezult = $conn->query($sql);
if ($rezult) {
    $info = $rezult->fetch_array();
    if ($info) {
        $psw = MD5(DB::CheckInput($_POST['teacher_psw']));
        if ($info['teacher_psw'] == $psw) {
            $_SESSION['teacher_id'] = $info['teacher_id'];
            $_SESSION['teacher_name'] = $info['teacher_name'];
            $_SESSION['limits'] = $info['limits'];
            //mysql_free_result($rezult);
            if ($info['limits'] == '1') {
                echo '1';
            } else {
                if ($info['limits'] == '0') {
                    echo '2';
                } else {
                    echo '0';
                }
            }
        } else {
            echo '0';
        }
    } else {
        echo '0';
    }
} else {
Beispiel #9
    
            <!--
            <a href="../index.php" class="prime_a" style="font-size:18px">首页&nbsp;&nbsp;&nbsp;&nbsp;</a>沈阳工业大学  机房排课系统&nbsp;&nbsp;&nbsp;&nbsp;欢迎您<a href="teacher_index.php" class="prime_a" style="font-size:19px;"><?php 
php;
?>
</a>老师!
            &nbsp;&nbsp;&nbsp;&nbsp;<a onclick="zhuxiao()" class="prime_a" style="font-size:18px;">注销</a>
            -->
                    <form name="form0">
                    
                    <!-- 存储url传值 -->
                    <?php 
// Carry the optional `time` query parameter into the page; empty when it is absent.
// NOTE(review): DB::CheckInput is not shown here; whether its output is safe to print into
// HTML is unconfirmed, so encode it at the point of output.
$url_time = isset($_GET['time']) ? DB::CheckInput($_GET['time']) : "";
?>
                    <input type="text" name="url_time" value="<?php 
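// $url_time originates from the `time` query parameter and is printed inside a
// double-quoted HTML attribute, so it is encoded for that context here.
echo htmlspecialchars($url_time, ENT_QUOTES, 'UTF-8');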
?>
" style="display:none">
                    <input type="text" name="year"  style="display:none;" value="<?php 
echo $db_year;
?>
" class="input_text"/>
                    <input type="text" name="servers_time" style="display:none;" value="<?php 
echo $servers_time;
?>
">
                    <!-- 存储日历 -->
Beispiel #10
<?php

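include "../include/conn.php";

// Set the year, month and day stored in the `calendar` table (WHERE 1 updates every row).
// Prints '1' when the UPDATE ran and '0' when the input is rejected or the query fails.
//
// The three values are written into the statement without quotes, where escaping quote
// characters gives no protection, so each one must be a plain run of digits and is cast
// to int before it is used.
// NOTE(review): no session or authorization check is visible in this script — confirm
// where access to it is restricted.
$calendar = array();
foreach (array('calendar_year', 'calendar_month', 'calendar_day') as $field) {
    $value = isset($_POST[$field]) ? trim((string) DB::CheckInput($_POST[$field])) : '';
    if (!ctype_digit($value)) {
        $calendar = null;
        break;
    }
    $calendar[$field] = (int) $value;
}
if ($calendar === null) {
    echo '0';
} else {
    $sql = "UPDATE `calendar` SET `calendar_year`=" . $calendar['calendar_year'] . ",`calendar_month`=" . $calendar['calendar_month'] . ",`calendar_day`=" . $calendar['calendar_day'] . " WHERE 1";
    echo $conn->query($sql) ? '1' : '0';
}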
Beispiel #11
        $page_count = 1;
        //如果总数据量小于$PageSize,那么只有一页
    }
    if ($amount % $page_size) {
        $page_count = (int) ($amount / $page_size) + 1;
        //如果有余数,则页数等于总数据量除以每页数的结果取整再加一
    } else {
        $page_count = $amount / $page_size;
        //如果没有余数,则页数等于总数据量除以每页数的结果
    }
} else {
    $page_count = 0;
}
if ($amount) {
    if (isset($_GET['teacher_name'])) {
        $sql = "select * from teacher  where teacher_id not like '0000_' and teacher_name like '%" . DB::CheckInput($_GET['teacher_name']) . "%' order by teacher_id asc limit " . ($page - 1) * $page_size . ", " . $page_size;
    } else {
        $sql = "select * from teacher  where teacher_id not like '0000_' order by teacher_id asc limit " . ($page - 1) * $page_size . ", " . $page_size;
    }
    $result = $conn->query($sql);
    while ($info = $result->fetch_array()) {
        echo "<tr>";
        echo "<td></td>";
        echo "<td><a onclick=update_teacher('" . $info['teacher_id'] . "','" . $info['teacher_name'] . "','" . $info['teacher_school'] . "')><img src='image/update.png' alt='.'/>修改</a></td>";
        echo "<td><a onclick=delete_teacher('" . $info['teacher_id'] . "')><img src='image/delete.png' alt='.'/>删除</a></td>";
        echo "<td>" . $info['teacher_id'] . "</td><td>" . $info['teacher_name'] . "</td><td>" . $info['teacher_school'] . "</td>";
        echo "<td><a onclick=update_psw('" . $info['teacher_id'] . "')><img src='image/lock.jpg' alt='.' width='16px'/>重置密码</a></td>";
        echo "</tr>";
    }
} else {
    echo "<tr align=center ;>\r\n\t\t\t<td colspan=7 height=50px;>无相关数据,请重新输入</td>";
<?php

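include '../include/conn.php';

// Delete a course and release every schedule slot that referenced it.
// Prints '1' when the DELETE ran and '0' when the id is rejected or the DELETE failed.
//
// The original placed course_id in both statements without quotes, where escaping quote
// characters gives no protection. The id must now be digits only and is compared as a
// quoted literal, matching the `WHERE course_id = '...'` form used by the other course
// scripts on this page. A quoted literal also matches the stored id exactly instead of by
// numeric value.
// NOTE(review): no session or authorization check is visible in this script — confirm
// where access to it is restricted.
$course_id = trim((string) DB::CheckInput($_POST['course_id']));
if (!ctype_digit($course_id)) {
    echo '0';
} else {
    $sql = "DELETE FROM course WHERE course_id = '" . $course_id . "'";
    $result = $conn->query($sql);
    // Reset the slots to the placeholder course and mark them free (`lock`='1'); as in the
    // original this runs regardless of the DELETE result.
    $sql_sj = "UPDATE `teacher_sj_schedule` SET `course_id`='00000000',`course_class`='',`lock`='1',`tips`='' WHERE course_id='" . $course_id . "'";
    $conn->query($sql_sj);
    echo $result ? '1' : '0';
}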
<?php

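include "../include/conn.php";

// Release one schedule slot: reset it to the placeholder course and set `lock`='1'.
// Prints '1' when a row was changed and '0' otherwise.
//
// NOTE(review): no session or ownership check is visible, so any caller can release any
// slot — confirm where access is restricted. The quoted literal is only as safe as
// DB::CheckInput, which is not shown here.
$time_add = DB::CheckInput($_POST['time_add']);
$sql = "UPDATE `teacher_sj_schedule` SET `course_id`='00000000',`course_class`='',`lock`='1',tips='' WHERE time_add = '" . $time_add . "'";
$conn->query($sql);
// "> 0" rather than truthiness: mysqli reports -1 after a failed statement, which the
// original printed as success (assumes $conn is a mysqli connection).
echo $conn->affected_rows > 0 ? '1' : '0';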
<?php

include '../include/conn.php';

// Rename a course.
// Response codes: '2' = row changed, '1' = statement ran but nothing changed
// (same name as before), '0' = the query failed.
//
// NOTE(review): no session or ownership check is visible in this script; confirm where
// access is restricted. The quoted literals are only as safe as DB::CheckInput, which is
// not shown here.
$course_id = DB::CheckInput($_POST['course_id']);
$course_name = DB::CheckInput($_POST['course_name']);
$sql = sprintf(
    "UPDATE course SET course_name = '%s' WHERE course_id = '%s'",
    $course_name,
    $course_id
);
$result = $conn->query($sql);
if (!$result) {
    // error
    echo '0';
} elseif ($conn->affected_rows) {
    // updated
    echo '2';
} else {
    // identical to the stored value
    echo '1';
}
<?php

session_start();
include "../include/conn.php";

// Select every schedule row whose time_add starts with the posted 12-character key.
// NOTE(review): the value is placed in a quoted literal; its safety depends on
// DB::CheckInput, which is defined in include/conn.php and not shown here.
$id = DB::CheckInput($_POST['time_add']);
$sql = "select * from teacher_sj_schedule where substr(time_add,1,12) = '" . $id . "'";
$result = $conn->query($sql);
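/**
 * Add a class to a "major[class]..." display string.
 *
 * If the major is not yet part of the string, " major[class]" is appended. If it is
 * already present, only "[class]" is inserted, six bytes after the end of the major name
 * (the width of one existing "[xxxx]" group).
 *
 * @param string $major  major name
 * @param string $class  class label to add
 * @param string $return string built so far
 * @return string the updated string
 */
function major_class($major, $class, $return)
{
    // An empty major can never be "found"; keep the append behaviour for it.
    $pos = ((string) $major === '') ? false : strpos($return, $major);
    // Compare with false explicitly: strpos() returns 0 for a match at the very start,
    // which the original `!$len` test mistook for "not found" and appended the major again.
    if ($pos === false) {
        return $return . ' ' . $major . '[' . $class . ']';
    }
    $split = $pos + strlen($major) + 6;
    return substr($return, 0, $split) . '[' . $class . ']' . substr($return, $split);
}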
if ($result) {
    while ($info = $result->fetch_array()) {
        $sql1 = "select * from course where course_id = '{$info['1']}'";
        //获取课程名及教师号
        $result1 = $conn->query($sql1);
        if ($result1 && ($info1 = $result1->fetch_array())) {
            $sql2 = "select * from teacher where teacher_id = '{$info1['1']}'";
Beispiel #16
<?php

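set_time_limit(0);
include "../include/conn.php";

// Initialise a term: register the term, school and room, then create one empty schedule
// slot per (week 1-20, 1-5, 1-7) combination. Nothing is printed.
//
// NOTE(review): no session or authorization check is visible in this script — confirm
// where access is restricted. The quoted literals below are only as safe as
// DB::CheckInput, which is not shown here.
$id = trim((string) DB::CheckInput($_POST['year_term_school_address']));
$year_term = DB::CheckInput($_POST['year_term']);
$address = DB::CheckInput($_POST['address']);
$school = DB::CheckInput($_POST['school']);
$school_id = DB::CheckInput($_POST['school_id']);
$sql1 = "INSERT INTO `ini_year_term` (`year_term`) VALUES('{$year_term}')";
$conn->query($sql1);
$sql2 = "INSERT INTO `ini_school`(`school`,school_id) VALUES ('{$school}','{$school_id}')";
$conn->query($sql2);
$sql3 = "INSERT INTO `ini_address`(`address`) VALUES ('{$address}')";
$conn->query($sql3);

// The slot keys were written into VALUES without quotes, where escaping quote characters
// gives no protection. The prefix must be digits only, and each key is now a quoted
// literal so its digits are stored exactly as built.
$sql = "";
if (ctype_digit($id)) {
    $rows = array();
    for ($i = 1; $i <= 20; $i++) {
        for ($j = 1; $j <= 5; $j++) {
            for ($k = 1; $k <= 7; $k++) {
                // Week number is zero-padded to two digits.
                $rows[] = "('" . $id . sprintf('%02d', $i) . $j . $k . "')";
            }
        }
    }
    $sql = "INSERT INTO `teacher_sj_schedule`(`time_add`) VALUES" . implode(',', $rows);
    $conn->query($sql);
}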
Beispiel #17
<?php

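include "../include/conn.php";

// Book a free schedule slot (`lock`='1') for a course and mark it taken (`lock`='0').
// Prints '1' when a row was changed and '0' otherwise.
//
// NOTE(review): no session or ownership check is visible, so the posted course_id is not
// tied to the caller — confirm where access is restricted. The quoted literals are only as
// safe as DB::CheckInput, which is not shown here.
$course_id = DB::CheckInput($_POST['course_id']);
$time_add = DB::CheckInput($_POST['time_add']);
$course_class = DB::CheckInput($_POST['student_id']);
$tips = DB::CheckInput($_POST['tips']);
$sql1 = "UPDATE teacher_sj_schedule SET course_id = '{$course_id}',course_class='{$course_class}',`lock`='0',tips='{$tips}' WHERE time_add = '{$time_add}' AND `lock`='1'";
$conn->query($sql1);
$row = $conn->affected_rows;
// "> 0" rather than truthiness: mysqli reports -1 after a failed statement, which the
// original printed as success (assumes $conn is a mysqli connection).
echo $row > 0 ? '1' : '0';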
        $result3 = $conn->query($sql3);
        if ($result3) {
            $info3 = $result3->fetch_array();
            $class = major_class($info3['student_major'], substr($class_array[$n], 0, 2) . '0' . substr($class_array[$n], 6, 1), $class);
            //$class = $info3['student_major'].substr($class_array[0],0,2).'0'.substr($class_array[0],6,1);
        }
    }
    return $class;
}
//是否导出所有教师数据并打包
$global = DB::CheckInput($_GET['global']);
//$global = 0;
//指定导出的教师名
$teacher = '';
if (!$global) {
    $teacher = DB::CheckInput($_GET['teacher']);
    //    $teacher = '修国一';
    $sql_confirm = sprintf('SELECT teacher_name FROM teacher WHERE teacher_name = "%s"', $teacher);
    $confirm_result = $conn->query($sql_confirm);
    if (!$confirm_result->num_rows) {
        echo '<script>alert("抱歉,数据库中没有查到该老师姓名")</script>';
        exit;
    }
    //填充课程表
    $lesson_sheet = array();
    //准备文件名
    $date = str_split($db_year, 4);
    $file_name = $teacher . '-' . $date[0] . '年度第' . $date[1] . '学期实验室安排表.xls';
    $sql = "SELECT `time_add`,`course_id`,`course_class`,`tips` FROM `teacher_sj_schedule` WHERE time_add like '{$db_year}%' AND course_class!='' AND course_id  in (SELECT course_id FROM `course` WHERE teacher_id in (select teacher_id from teacher where teacher_name like'%" . $teacher . "%')) ORDER BY time_add";
    $result = $conn->query($sql);
    if (!$result) {
<?php

include '../include/conn.php';

// Reset a teacher's password to the default value.
// Prints '1' when the UPDATE ran and '0' when the query failed; '1' does not show that a
// teacher row actually matched.
//
// NOTE(review): $default_password is not defined in this script — presumably it comes from
// include/conn.php; confirm. No session or authorization check is visible here, so confirm
// that only administrators can reach this script.
$teacher_id = DB::CheckInput($_POST['teacher_id']);
$sql = sprintf(
    "UPDATE teacher SET teacher_psw = '%s' WHERE teacher_id = '%s'",
    $default_password,
    $teacher_id
);
$result = $conn->query($sql);
echo $result ? '1' : '0';
<?php

session_start();
include '../include/conn.php';

// Change the logged-in teacher's password after verifying the current one.
// Response codes: '0' = lookup query failed, '1' = current password wrong,
// '2' = password changed, '3' = current password correct but the UPDATE failed.
//
// NOTE(review): passwords are stored as unsalted MD5 of the DB::CheckInput output, which is
// not a suitable password hash; moving to password_hash()/password_verify() needs a
// migration of the stored values and of the login script. The session teacher_id is used
// without an isset() check and is concatenated into the SQL unfiltered.
$teacher_id = $_SESSION['teacher_id'];
$old_password = md5(DB::CheckInput($_POST['old_password']));
$new_password = md5(DB::CheckInput($_POST['new_password']));
$sql = "SELECT * FROM teacher WHERE teacher_id = '{$teacher_id}' AND teacher_psw = '{$old_password}'";
$result = $conn->query($sql);
if (!$result) {
    // database access failed
    echo '0';
} elseif (!($info = $result->fetch_array())) {
    // no row with this id and current password
    echo '1';
} else {
    $sql = "UPDATE teacher SET teacher_psw = '{$new_password}' WHERE teacher_id = '{$teacher_id}'";
    $update_result = $conn->query($sql);
    echo $update_result ? '2' : '3';
}